PMR enabling set by pre-boot DMA protection is cleared by RC when boot guard is enabled. Pre-boot DMA protection should only reset VT-d BAR when it is 0 and reset PMR region when it is not programmed to protect all memory address.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2867 Change-Id: Ic5370f474a43a94903871782ace5cce186b4ddc0 Cc: Ray Ni <ray...@intel.com> Cc: Rangasai V Chaganty <rangasai.v.chaga...@intel.com> Signed-off-by: Sheng Wei <w.sh...@intel.com> --- .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c | 14 +++++++ .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h | 15 +++++++ .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf | 1 + .../Feature/VTd/IntelVTdPmrPei/VtdReg.c | 47 ++++++++++++++++++++++ 4 files changed, 77 insertions(+) diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c index ea944aa4..31a14f28 100644 --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c @@ -745,7 +745,21 @@ VTdInfoNotify ( // Protect all system memory // InitVTdInfo (); + + Hob = GetFirstGuidHob (&mVTdInfoGuid); + VTdInfo = GET_GUID_HOB_DATA(Hob); + + // + // NOTE: We need check if PMR is enabled or not. + // + EnabledEngineMask = GetDmaProtectionEnabledEngineMask (VTdInfo, VTdInfo->EngineMask); + if (EnabledEngineMask != 0) { + Status = PreMemoryEnableVTdTranslationProtection (VTdInfo, EnabledEngineMask); + } InitVTdPmrForAll (); + if (((EnabledEngineMask != 0) && (!EFI_ERROR (Status)))) { + DisableVTdTranslationProtection (VTdInfo, EnabledEngineMask); + } // // Install PPI. diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h index 58e6afad..ffed2c5b 100644 --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h @@ -97,6 +97,21 @@ GetHighMemoryAlignment ( IN UINT64 EngineMask ); +/** + Enable VTd translation table protection in pre-memory phase. + + @param VTdInfo The VTd engine context information. + @param EngineMask The mask of the VTd engine to be accessed. + + @retval EFI_SUCCESS DMAR translation protection is enabled. + @retval EFI_UNSUPPORTED Null Root Entry Table is not supported. +**/ +EFI_STATUS +PreMemoryEnableVTdTranslationProtection ( + IN VTD_INFO *VTdInfo, + IN UINT64 EngineMask + ); + /** Enable VTd translation table protection. diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf index 3eb2b510..1e613ddd 100644 --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf @@ -48,6 +48,7 @@ gEdkiiVTdInfoPpiGuid ## CONSUMES gEfiPeiMemoryDiscoveredPpiGuid ## CONSUMES gEfiEndOfPeiSignalPpiGuid ## CONSUMES + gEdkiiVTdNullRootEntryTableGuid ## PRODUCES [Pcd] gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask ## CONSUMES diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c index c9669426..2e252fe5 100644 --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c @@ -13,8 +13,10 @@ #include <Library/DebugLib.h> #include <Library/MemoryAllocationLib.h> #include <Library/CacheMaintenanceLib.h> +#include <Library/PeiServicesLib.h> #include <IndustryStandard/Vtd.h> #include <Ppi/VtdInfo.h> +#include <Ppi/VtdNullRootEntryTable.h> #include "IntelVTdPmrPei.h" @@ -246,6 +248,51 @@ DisableDmar ( return EFI_SUCCESS; } +/** + Enable VTd translation table protection in pre-memory phase. + + @param VTdInfo The VTd engine context information. + @param EngineMask The mask of the VTd engine to be accessed. + + @retval EFI_SUCCESS DMAR translation protection is enabled. + @retval EFI_UNSUPPORTED Null Root Entry Table is not supported. +**/ +EFI_STATUS +PreMemoryEnableVTdTranslationProtection ( + IN VTD_INFO *VTdInfo, + IN UINT64 EngineMask + ) +{ + EFI_STATUS Status; + UINTN Index; + EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI *RootEntryTable; + + DEBUG ((DEBUG_INFO, "PreMemoryEnableVTdTranslationProtection - 0x%lx\n", EngineMask)); + + Status = PeiServicesLocatePpi ( + &gEdkiiVTdNullRootEntryTableGuid, + 0, + NULL, + (VOID **)&RootEntryTable + ); + + if (EFI_ERROR(Status)) { + DEBUG((DEBUG_ERROR, "Locate NullRootEntryTable Ppi : %r\n", Status)); + return EFI_UNSUPPORTED; + } + + DEBUG ((DEBUG_INFO, "NullRootEntryTable - 0x%lx\n", *RootEntryTable)); + + for (Index = 0; Index < VTdInfo->VTdEngineCount; Index++) { + if ((EngineMask & LShiftU64(1, Index)) == 0) { + continue; + } + EnableDmar ((UINTN)VTdInfo->VTdEngineAddress[Index], (UINTN)*RootEntryTable); + } + + return EFI_SUCCESS; +} + /** Enable VTd translation table protection. -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64817): https://edk2.groups.io/g/devel/message/64817 Mute This Topic: https://groups.io/mt/76529334/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
